Solved Can't remove Google redirect virus

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x81A1C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81A1C000 PnpManager 3907584 bytes
0x81A1C000 RAW 3907584 bytes
0x81A1C000 WMIxWDM 3907584 bytes
0x91C10000 Win32k 2109440 bytes
0x91C10000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x85E07000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8246E000 C:\Windows\system32\drivers\NDIS.SYS 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8260D000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x89A0C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x89800000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x82724000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A20D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80605000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82584000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x898B0000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x899BE000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8072A000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8A604000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80491000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A1B3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A4B1000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8A2A5000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8A6BE000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82433000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8995D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x85F17000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8A46B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81DD6000 ACPI_HAL 208896 bytes
0x81DD6000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807BF000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8A64C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8A396000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8A4F0000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82408000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8A42A000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x89996000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A2F2000 C:\Windows\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0x85F67000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E5000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8A51D000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x827C4000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x85F9F000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x805D8000 C:\Windows\system32\drivers\dwprot.sys 135168 bytes (Doctor Web, Ltd., Dr.Web Protection for Windows)
0x8991D000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8A575000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8993E000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807A1000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8A79A000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x826FA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8A75C000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8A35A000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x8A7B7000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8A37E000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8A7E5000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8A319000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8A704000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91E20000 C:\Windows\System32\drivers\dxg.sys 94208 bytes (Microsoft Corporation, DirectX Graphics Driver)
0x8A3C5000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x89B11000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8A687000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x805C2000 C:\Windows\system32\drivers\spiderg3.sys 90112 bytes (Doctor Web, Ltd., Dr.Web File System Monitor)
0x8A5C8000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8A7D0000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8A403000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8A73B000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x89AEA000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x827E7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8A5DE000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8A331000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8A787000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8A6AB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x89AFF000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x85F8E000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8A4A0000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80478000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805B2000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8A777000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80789000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8A418000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x82715000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x85F58000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070C000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8A3E7000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A2E3000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8071B000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8A69D000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8A5B1000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8077B000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8A71B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8A45E000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80681000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8A200000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8A569000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8A1A7000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8A728000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8A34F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8A344000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8A5A6000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8A3DC000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x82579000 C:\Windows\system32\drivers\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x85FE9000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A29A000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8A752000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8A454000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8A6FA000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8A3F6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A374000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8A5F2000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x85FC0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8A542000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x89B27000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8A5BF000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x91E50000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x85FF4000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D4000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A67E000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x80799000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80489000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8A733000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x91ED0000 C:\Windows\System32\framebuf.dll 32768 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x806DD000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A596000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A59E000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x85F50000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8A552000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8A562000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80774000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8A54B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A559000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8A1A5000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 260.99 )
0x8A428000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8A750000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected

 

Hey Broni,

Had a set back. I booted the system this morning and it won't boot into Windows, just into safe mode.

I tried to do a System repair and it went through the process but still won't boot into windows.

Wil

 

Ok, up and running again. Here's the otl.txt:

OTL logfile created on: 3/19/2011 5:51:21 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Robert\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,021.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 256.86 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 2.44 Gb Free Space | 45.39% Space Free | Partition Type: NTFS
Drive E: | 2.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 06:53:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
PRC - [2011/02/09 07:26:55 | 001,667,416 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2011/02/03 07:04:52 | 001,477,872 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2011/01/26 04:45:54 | 001,572,592 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe
PRC - [2010/12/17 23:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 06:53:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0324881299610170mcinstcleanup) McAfee Application Installer Cleanup (0324881299610170)
SRV - [2011/02/09 07:26:55 | 001,667,416 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/03 07:04:50 | 000,139,768 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2011/01/26 04:45:53 | 000,093,944 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\spiderg3.sys -- (SpiderG3)
DRV - [2010/10/16 13:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 70 32 38 D0 E4 CB 01 [binary data]
IE - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/16 18:25:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/16 18:25:32 | 000,000,000 | ---D | M]

[2011/03/16 18:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2011/03/17 10:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\6c8ms2sn.default\extensions
[2011/03/17 10:04:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\6c8ms2sn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/16 18:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/03/08 14:49:43 | 000,000,002 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000..\Run: [SBQM] C:\Users\Robert\AppData\Roaming\dxdiago.dll ()
O4 - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000..\Run: [WeatherBugAlert] C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2129897722-2078608623-2969488967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/19 17:48:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2011/03/17 12:12:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/17 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\temp
[2011/03/17 12:11:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/17 12:05:34 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2011/03/17 12:03:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/16 18:25:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Mozilla
[2011/03/16 18:25:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mozilla
[2011/03/16 18:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/16 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/16 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\gmer
[2011/03/14 13:46:50 | 000,139,768 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dwprot.sys
[2011/03/14 13:46:44 | 000,093,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\spiderg3.sys
[2011/03/14 13:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.Web
[2011/03/14 13:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2011/03/14 13:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2011/03/14 13:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2011/03/14 13:41:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\tdsskiller[1]
[2011/03/09 17:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/08 16:59:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\GooredFix Backups
[2011/03/08 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2011/03/08 16:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/08 16:21:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/08 16:21:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/08 16:21:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/08 16:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/08 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\OneNote Notebooks
[2011/03/08 13:46:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\tdsskiller
[2011/03/08 12:27:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Windows Live Writer
[2011/03/08 12:27:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Windows Live Writer
[2011/03/08 11:28:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/08 11:28:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/08 11:28:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/08 11:27:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/08 11:27:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/07 18:12:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\DoctorWeb
[2011/03/07 17:56:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/07 17:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/07 17:31:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/03/07 17:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/07 15:38:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/07 15:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/02 13:04:46 | 000,000,000 | R--D | C] -- C:\Users\Robert\Documents\New Briefcase
[2011/03/02 11:45:38 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Robert\Desktop\TDSSKiller.exe
[2011/02/27 01:34:02 | 000,000,000 | ---D | C] -- C:\Windows\Speeditup Free
[2011/02/27 01:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2011/02/23 15:16:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Tific
[2011/02/23 15:16:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Tific
[2011/02/19 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/19 17:53:44 | 000,606,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/19 17:53:44 | 000,104,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/19 17:51:58 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC3DDFB0-522C-4689-A671-5BD8A129D0D2}.job
[2011/03/19 17:47:00 | 000,001,356 | ---- | M] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2011/03/19 17:46:56 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 17:46:56 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 17:46:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/19 17:46:34 | 1071,099,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 06:53:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2011/03/18 20:19:41 | 000,133,632 | ---- | M] () -- C:\Users\Robert\Desktop\RKUnhookerLE.EXE
[2011/03/18 13:46:08 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Dr.Web Update.job
[2011/03/17 12:02:52 | 004,289,556 | R--- | M] () -- C:\Users\Robert\Desktop\ComboFix.exe
[2011/03/16 18:25:42 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/03/16 18:25:36 | 000,001,753 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/16 18:25:36 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/16 16:29:58 | 000,625,664 | ---- | M] () -- C:\Users\Robert\Desktop\dds.scr
[2011/03/16 16:22:08 | 000,080,384 | ---- | M] () -- C:\Users\Robert\Desktop\MBRCheck.exe
[2011/03/15 10:51:12 | 001,263,721 | ---- | M] () -- C:\Users\Robert\Desktop\tdsskiller.zip
[2011/03/14 14:29:32 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Dr.Web Daily scan.job
[2011/03/14 13:46:37 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Dr.Web Scanner.lnk
[2011/03/08 14:49:43 | 000,000,002 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/08 14:47:44 | 000,003,656 | -HS- | M] () -- C:\Windows\System32\drivers\etc\OneNote Table Of Contents.onetoc2
[2011/03/08 14:47:31 | 000,001,116 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/07 17:57:11 | 000,079,184 | ---- | M] () -- C:\Users\Robert\Documents\cc_20110307_165708.reg
[2011/03/07 17:56:17 | 000,000,809 | ---- | M] () -- C:\Users\Robert\Desktop\CCleaner.lnk
[2011/03/03 15:35:10 | 000,288,107 | ---- | M] () -- C:\Users\Robert\Desktop\gmer.zip
[2011/03/02 13:48:39 | 000,000,948 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/02 13:06:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/03/02 13:05:14 | 000,005,632 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 11:45:38 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Robert\Desktop\TDSSKiller.exe
[2011/02/28 13:26:57 | 000,052,736 | RHS- | M] () -- C:\Users\Robert\AppData\Roaming\dxdiago.dll
[2011/02/27 01:33:16 | 000,001,745 | ---- | M] () -- C:\Users\Robert\Desktop\Create Your Own Video Screensaver!.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 07:34:12 | 1071,099,904 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/18 20:20:25 | 000,133,632 | ---- | C] () -- C:\Users\Robert\Desktop\RKUnhookerLE.EXE
[2011/03/16 18:25:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/16 18:25:36 | 000,001,753 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/16 18:25:36 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/16 16:30:26 | 000,625,664 | ---- | C] () -- C:\Users\Robert\Desktop\dds.scr
[2011/03/16 16:22:36 | 000,080,384 | ---- | C] () -- C:\Users\Robert\Desktop\MBRCheck.exe
[2011/03/16 14:44:24 | 000,288,107 | ---- | C] () -- C:\Users\Robert\Desktop\gmer.zip
[2011/03/14 13:46:48 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\Dr.Web Daily scan.job
[2011/03/14 13:46:45 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\Dr.Web Update.job
[2011/03/14 13:46:37 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Dr.Web Scanner.lnk
[2011/03/09 16:45:27 | 001,263,721 | ---- | C] () -- C:\Users\Robert\Desktop\tdsskiller.zip
[2011/03/09 15:41:41 | 004,289,556 | R--- | C] () -- C:\Users\Robert\Desktop\ComboFix.exe
[2011/03/08 14:47:31 | 000,001,116 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/08 11:28:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/08 11:28:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/08 11:28:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/08 11:28:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/08 11:28:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/07 18:06:58 | 000,001,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/07 17:57:10 | 000,079,184 | ---- | C] () -- C:\Users\Robert\Documents\cc_20110307_165708.reg
[2011/03/07 17:56:17 | 000,000,809 | ---- | C] () -- C:\Users\Robert\Desktop\CCleaner.lnk
[2011/03/02 11:09:02 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC3DDFB0-522C-4689-A671-5BD8A129D0D2}.job
[2011/02/28 13:26:57 | 000,052,736 | RHS- | C] () -- C:\Users\Robert\AppData\Roaming\dxdiago.dll
[2011/02/27 01:33:16 | 000,001,745 | ---- | C] () -- C:\Users\Robert\Desktop\Create Your Own Video Screensaver!.lnk
[2011/02/05 23:47:01 | 000,005,632 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 14:07:54 | 000,000,552 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d8caps.dat
[2011/01/20 18:48:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/20 18:48:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/06 17:30:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/06 16:07:08 | 000,001,356 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2010/01/13 21:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/13 21:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,264,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,420 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,430 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/13 00:31:56 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.w3i.intune
[2011/02/09 00:40:34 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FreeFileViewer
[2011/02/04 08:44:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Image Zone Express
[2011/02/05 23:45:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MusicNet
[2011/02/04 08:44:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Printer Info Cache
[2011/01/15 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\RegistryKeys
[2011/02/23 15:16:54 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Tific
[2011/03/08 12:27:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Windows Live Writer
[2011/03/14 14:29:32 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\Dr.Web Daily scan.job
[2011/03/18 13:46:08 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Dr.Web Update.job
[2011/03/18 20:26:34 | 000,027,162 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/19 17:51:58 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3DDFB0-522C-4689-A671-5BD8A129D0D2}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/31 09:47:43 | 000,032,948 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/01/06 17:38:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/03/17 12:12:23 | 000,013,690 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/28 20:09:45 | 000,053,705 | ---- | M] () -- C:\CybDefInstallInfo.log
[2008/08/30 16:19:21 | 000,000,115 | ---- | M] () -- C:\FtpCmd.txt
[2011/03/19 17:46:34 | 1071,099,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 10:36:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/04 10:36:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/19 17:46:33 | 1384,980,480 | -HS- | M] () -- C:\pagefile.sys
[2010/08/20 20:45:00 | 000,005,882 | ---- | M] () -- C:\scramble.log
[2008/09/24 10:38:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/24 10:38:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/03/07 17:48:11 | 000,055,552 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_07.03.2011_16.47.54_log.txt
[2011/03/08 13:46:40 | 000,054,968 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_08.03.2011_12.46.20_log.txt
[2011/03/08 14:24:14 | 000,054,968 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_08.03.2011_13.23.56_log.txt
[2011/03/09 16:46:27 | 000,054,968 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_09.03.2011_15.45.40_log.txt
[2011/03/10 18:12:49 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_10.03.2011_17.12.47_log.txt
[2011/03/10 18:21:04 | 000,054,990 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_10.03.2011_17.13.20_log.txt
[2011/03/14 13:40:51 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_14.03.2011_13.40.48_log.txt
[2011/03/15 10:50:49 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_15.03.2011_10.50.43_log.txt
[2011/03/18 09:19:49 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_18.03.2011_09.19.42_log.txt
[2011/03/14 13:43:16 | 000,054,968 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_14.03.2011_13.41.18_log.txt
[2011/03/15 11:01:50 | 000,055,456 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_15.03.2011_10.52.11_log.txt
[2011/03/16 10:58:46 | 000,056,062 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_16.03.2011_10.38.22_log.txt
[2011/03/18 09:22:26 | 000,055,456 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_18.03.2011_09.20.43_log.txt
[2009/12/18 15:55:29 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log
[2008/07/13 19:41:21 | 000,000,152 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/01/21 14:07:03 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/12/29 10:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/30 16:25:56 | 000,000,286 | -HS- | M] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/17 12:02:52 | 004,289,556 | R--- | M] () -- C:\Users\Robert\Desktop\ComboFix.exe
[2011/03/16 16:22:08 | 000,080,384 | ---- | M] () -- C:\Users\Robert\Desktop\MBRCheck.exe
[2011/03/19 06:53:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2011/03/18 20:19:41 | 000,133,632 | ---- | M] () -- C:\Users\Robert\Desktop\RKUnhookerLE.EXE
[2011/03/02 11:45:38 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Robert\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/01/21 15:03:05 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2011/01/21 15:02:35 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2011/01/21 15:02:35 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2011/01/21 15:02:35 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2011/01/21 15:02:34 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2011/01/21 15:02:35 | 001,056,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/01/06 16:07:37 | 000,000,402 | -HS- | M] () -- C:\Users\Robert\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/04 12:45:09 | 000,001,971 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >

 

Extra.txt:
OTL Extras logfile created on: 3/19/2011 5:51:21 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Robert\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,021.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 256.86 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 2.44 Gb Free Space | 45.39% Space Free | Partition Type: NTFS
Drive E: | 2.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2129897722-2078608623-2969488967-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009E5DDA-2BD8-49AA-8573-B89FDC921197}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0DDC96FB-8A8A-4C91-9C87-D53EDA88D1C6}" = rport=137 | protocol=17 | dir=out | app=system |
"{15C0B9B8-9324-4B70-91D4-40FF53D28D0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19296468-4C0D-449E-BFC9-24BCFC6ED525}" = lport=139 | protocol=6 | dir=in | app=system |
"{322D23C8-98DD-4E31-91F3-8BC090EBFEF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{44816D80-FB48-4B60-9335-30D6C724C188}" = lport=138 | protocol=17 | dir=in | app=system |
"{559CE18B-2C9F-40D9-80D6-0BD1C76B29E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AF55118-C23D-440C-AAED-D243141B64EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C74AD67-C8B1-4AE3-846F-2164E7803642}" = rport=445 | protocol=6 | dir=out | app=system |
"{AFF950C7-8451-404B-9889-8964E93C68D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{BB34DD54-D122-4EB1-83EE-59D181D752A6}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC08B251-F80B-4057-9AAC-3C16F8BBE27F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EB1388BF-159A-4380-8C65-19EF48D945D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{378909EC-1CD9-4A73-B093-9D00F9E7A4D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{471D7898-F21F-4418-8DD1-85D972000E27}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{494606A8-AA15-4794-B949-722273329674}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{54C755C5-1930-4467-9A7C-99B67580FDD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{74A6D6D8-26BF-46E4-8C54-F97224F7D090}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7C0CCF00-80FF-490B-BF84-61CB138D8A4B}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{8DB0F4E2-7934-46D8-ACB5-88A1FB35BDAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{BA96C4F0-925B-4344-81D3-94E07073BC6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C610693F-D1B8-4E0A-8960-3D484C9AA180}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{D33BBA56-9C82-417D-99A5-20AE5ED13783}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D3BB1220-436F-456E-825D-CB13609905BA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EA169627-931E-4E22-96EA-D9354CEE0E7B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F2DE320C-2E0B-42B8-9FDE-F016853EEC51}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{61CE5643-BCB8-4755-8F5D-032DF2684F41}C:\programdata\18157b\pi181_2272.exe" = protocol=6 | dir=in | app=c:\programdata\18157b\pi181_2272.exe |
"UDP Query User{1C9C94A2-1F6F-49EC-80D3-3CD9D098025D}C:\programdata\18157b\pi181_2272.exe" = protocol=17 | dir=in | app=c:\programdata\18157b\pi181_2272.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B5661DA-C3BA-4FAA-AC8C-C6EF02729670}" = Dr.Web anti-virus for Windows 6.0 (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{508BFA95-545E-42A2-8C9D-E531C53C9B79}" = inTuneMP3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7426428E-71D4-452C-BA13-B14E5EB52859}" = WeatherBug Alert
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"STANDARDR" = Microsoft Office Standard 2007
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2011 5:04:20 PM | Computer Name = Robert-PC | Source = Perflib | ID = 1010
Description =

Error - 3/16/2011 7:25:53 PM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/17/2011 11:01:11 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/17/2011 11:08:20 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/17/2011 2:21:20 PM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/18/2011 10:18:58 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/18/2011 9:20:35 PM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/19/2011 8:05:44 AM | Computer Name = Robert-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/19/2011 8:07:02 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/19/2011 6:48:19 PM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 1/19/2011 10:14:29 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/19/2011 10:14:29 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: Error reprocessing guide: System.Runtime.InteropServices.COMException
(0x8007043C): Retrieving the COM class factory for component with CLSID {4B635ECB-0887-4015-8CA6-D621362F98D1}
failed due to the following error: 8007043c. at Microsoft.Ehome.Epg.Helper.EhepgdatHelper.GetEhepgdat()

at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry(EhepgdatCall action) at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry[T](EhepgdatCaller`1
x) at Microsoft.Ehome.Epg.Guide.ReprocessGuideImp() Process: DefaultDomain Object
Name: Media Center Guide

Error - 1/19/2011 10:14:29 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: Error: Failed to reprocess guide! Process: DefaultDomain
Object
Name: Media Center Guide

Error - 1/19/2011 10:15:02 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/19/2011 10:15:02 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/19/2011 10:15:02 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/19/2011 10:15:02 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/19/2011 11:06:47 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/19/2011 11:06:47 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/19/2011 11:06:47 PM | Computer Name = Robert-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

[ System Events ]
Error - 1/21/2011 2:13:24 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/21/2011 2:39:45 PM | Computer Name = Robert-PC | Source = DCOM | ID = 10005
Description =

Error - 1/21/2011 2:39:51 PM | Computer Name = Robert-PC | Source = DCOM | ID = 10005
Description =

Error - 1/21/2011 2:39:52 PM | Computer Name = Robert-PC | Source = DCOM | ID = 10005
Description =

Error - 1/21/2011 2:39:55 PM | Computer Name = Robert-PC | Source = DCOM | ID = 10005
Description =

Error - 1/21/2011 2:39:55 PM | Computer Name = Robert-PC | Source = DCOM | ID = 10005
Description =

Error - 1/21/2011 2:41:16 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/21/2011 2:41:16 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/21/2011 2:51:57 PM | Computer Name = Robert-PC | Source = HTTP | ID = 15016
Description =

Error - 1/21/2011 2:53:39 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

 

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Dr.Web anti-virus for Windows 6.0 (x86)
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader X (10.0.1)
Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

 

I can't find it. Would you like me to run the fix again? Sorry!

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1beec3a79635e7408fd00b5d73e797b4
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-09 10:48:57
# local_time=2011-03-09 04:48:57 (-0600, Central Standard Time)
# country= "United States "
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 1380306 136316422 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88834
# found=2
# cleaned=0
# scan_time=2042
C:\Qoobox\Quarantine\C\ProgramData\18157b\67.mof.vir Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A4FB7C27-5DC2-45FB-95C1-7C729D9BA705}\RP13\A0011870.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1beec3a79635e7408fd00b5d73e797b4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-09 11:56:51
# local_time=2011-03-09 05:56:51 (-0600, Central Standard Time)
# country= "United States "
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 1384489 136320605 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88792
# found=2
# cleaned=2
# scan_time=1933
C:\Qoobox\Quarantine\C\ProgramData\18157b\67.mof.vir Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A4FB7C27-5DC2-45FB-95C1-7C729D9BA705}\RP13\A0011870.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1beec3a79635e7408fd00b5d73e797b4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-10 11:12:04
# local_time=2011-03-10 05:12:04 (-0600, Central Standard Time)
# country= "United States "
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 1468261 136404377 0 0
# compatibility_mode=8192 67108863 100 0 5334 5334 0 0
# scanned=89754
# found=0
# cleaned=0
# scan_time=1875
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1beec3a79635e7408fd00b5d73e797b4
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-15 06:16:41
# local_time=2011-03-15 01:16:41 (-0600, Central Daylight Time)
# country= "United States "
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=4607 16777215 0 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1882531 136818647 0 0
# compatibility_mode=8192 67108863 100 0 419604 419604 0 0
# scanned=88785
# found=0
# cleaned=0
# scan_time=1881
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1beec3a79635e7408fd00b5d73e797b4
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-20 12:19:23
# local_time=2011-03-19 07:19:23 (-0600, Central Daylight Time)
# country= "United States "
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=4607 16777215 0 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 2249589 137185705 0 0
# compatibility_mode=8192 67108863 100 0 786662 786662 0 0
# scanned=91124
# found=0
# cleaned=0
# scan_time=2186

 

First OTL run:
All processes killed
========== OTL ==========
Error: No service named 0324881299610170mcinstcleanup) McAfee Application Installer Cleanup (0324881299610170 was found to stop!
Service\Driver key 0324881299610170mcinstcleanup) McAfee Application Installer Cleanup (0324881299610170 not found.
Registry value HKEY_USERS\S-1-5-21-2129897722-2078608623-2969488967-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Robert
->Temp folder emptied: 46937 bytes
->Temporary Internet Files folder emptied: 4399441 bytes
->Java cache emptied: 1657707 bytes
->FireFox cache emptied: 45345631 bytes
->Flash cache emptied: 60572 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33728 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03192011_182101

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

Second run:
All processes killed
========== OTL ==========
Error: No service named 0324881299610170mcinstcleanup) McAfee Application Installer Cleanup (0324881299610170 was found to stop!
Service\Driver key 0324881299610170mcinstcleanup) McAfee Application Installer Cleanup (0324881299610170 not found.
Registry value HKEY_USERS\S-1-5-21-2129897722-2078608623-2969488967-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File/Folder C:\Windows\*.tmp not found.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Robert
->Temp folder emptied: 40264 bytes
->Temporary Internet Files folder emptied: 2354126 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03202011_164822

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

Still redirects.

 

Hey broni,

Sorry for the delay but family concern came up.

I tried this, and the IE worked properly for the first couple tries and then reverted back to redirecting.

The same happened to Firefox.

Wil

 

Well, sometimes I win a free ipod or it forwards me to a dummy facebook page. Those are the most popular reroutes.

Other times, it is to generic advertising.

You can usually tell when it reroutes because there will be a small delay and then redirects.

Wil